Directory Proxy Server 6.0 Architecture

This section briefly presents the new Directory Proxy Server architecture
and what is new compared to 5.x. Its aim is to help you understand why literal
translation of some 5.x configuration attributes is not possible.

Data views, however, are new. They do not correspond to anything present
in 5.x. Fundamentally Directory Proxy Server 6.0 handles incoming
connections individually, assigning a connection handler when
the connection is opened, and reassigning a connection handler upon rebind
when the bind identity changes.

The connection handler gives Directory Proxy Server a set of policy rules
for making decisions about what to do with operations requested through a
given connection. Connection handlers correspond roughly to network groups
in 5.x, yet whereas network groups are configured to use load balanced groups
directly.

Directory Proxy Server 6.0 uses connection handlers mainly
to determine policies about a connection, so it can take appropriate decisions
about operations performed on that connection. For example, if a connection
handler is configured to prevent write operations on a certain connection, Directory Proxy Server can
use that property of the policy to short circuit evaluations concerning write
operation requests on that connection. In this case, the appropriate errors
are returned to the client as soon as Directory Proxy Server has decoded the operation.

LDAP operations on a connection are handled in Directory Proxy Server first
through data views. Data views enable Directory Proxy Server to perform DN-based
routing. In other words, operations concerning one set of data can be sent
to one set of data sources, and operations concerning another set of data
can be sent elsewhere. This new architectural form seems unnecessary when
you look at it from the point of view of reproducing a 5.x configuration.
Yet data views become indispensable when you want to distribute different
directory data across various directories, or when you want to recover different
data from disparate data sources to present a virtual directory view of those
sources to a client application.